Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
713322f7 by security tracker role at 2020-12-30T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,173 @@
+CVE-2021-21443
+       RESERVED
+CVE-2021-21442
+       RESERVED
+CVE-2021-21441
+       RESERVED
+CVE-2021-21440
+       RESERVED
+CVE-2021-21439
+       RESERVED
+CVE-2021-21438
+       RESERVED
+CVE-2021-21437
+       RESERVED
+CVE-2021-21436
+       RESERVED
+CVE-2021-21435
+       RESERVED
+CVE-2021-21434
+       RESERVED
+CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in 
cockpit-project.org Coc ...)
+       TODO: check
+CVE-2020-35849
+       RESERVED
+CVE-2020-35848 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the 
Controll ...)
+       TODO: check
+CVE-2020-35847 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the 
Controll ...)
+       TODO: check
+CVE-2020-35846 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the 
Controll ...)
+       TODO: check
+CVE-2020-35845
+       RESERVED
+CVE-2020-35844
+       RESERVED
+CVE-2020-35843
+       RESERVED
+CVE-2020-35842 (Certain NETGEAR devices are affected by stored XSS. This 
affects D6200 ...)
+       TODO: check
+CVE-2020-35841 (Certain NETGEAR devices are affected by stored XSS. This 
affects D6200 ...)
+       TODO: check
+CVE-2020-35840 (Certain NETGEAR devices are affected by stored XSS. This 
affects D6200 ...)
+       TODO: check
+CVE-2020-35839 (Certain NETGEAR devices are affected by Stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35838 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35837 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35836 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35835 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35834 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35833 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35832 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35831 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35830 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35829 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35828 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35827 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35826 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35825 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35824 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35823 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35822 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35821 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35820 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35819 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35818 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35817 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35816 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35815 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35814 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35813 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35812 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35811 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35810 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35809 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35808 (Certain NETGEAR devices are affected by stored XSS. This 
affects D6100 ...)
+       TODO: check
+CVE-2020-35807 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35806 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35805 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-35804 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2020-35803 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2020-35802 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2020-35801 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
+       TODO: check
+CVE-2020-35800 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
+       TODO: check
+CVE-2020-35799 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2020-35798 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2020-35797 (NETGEAR NMS300 devices before 1.6.0.27 are affected by command 
injecti ...)
+       TODO: check
+CVE-2020-35796 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2020-35795 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2020-35794 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2020-35793 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2020-35792 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2020-35791 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2020-35790 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2020-35789 (NETGEAR NMS300 devices before 1.6.0.27 are affected by command 
injecti ...)
+       TODO: check
+CVE-2020-35788 (NETGEAR WAC104 devices before 1.0.4.13 are affected by a 
buffer overfl ...)
+       TODO: check
+CVE-2020-35787 (Certain NETGEAR devices are affected by a buffer overflow by 
an authen ...)
+       TODO: check
+CVE-2020-35786 (NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer 
overflo ...)
+       TODO: check
+CVE-2020-35785 (NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd 
authenticat ...)
+       TODO: check
+CVE-2020-35784 (Certain NETGEAR devices are affected by lack of access control 
at the  ...)
+       TODO: check
+CVE-2020-35783 (Certain NETGEAR devices are affected by lack of access control 
at the  ...)
+       TODO: check
+CVE-2020-35782 (Certain NETGEAR devices are affected by lack of access control 
at the  ...)
+       TODO: check
+CVE-2020-35781 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial 
of servi ...)
+       TODO: check
+CVE-2020-35780 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial 
of servi ...)
+       TODO: check
+CVE-2020-35779 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial 
of servi ...)
+       TODO: check
+CVE-2020-35778 (Certain NETGEAR devices are affected by CSRF. This affects 
GS716Tv3 be ...)
+       TODO: check
+CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by 
command inj ...)
+       TODO: check
+CVE-2020-35776
+       RESERVED
 CVE-2020-35775
        RESERVED
 CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter 
TwitterServer (a ...)
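Review bot: CVE-2020-35850 (cockpit-project.org) and CVE-2020-35846 through CVE-2020-35848 (Agentejo Cockpit) share a product name but are different projects, so their TODO: check markers need separate triage: check the first against the Debian cockpit package, keeping its ** DISPUTED ** flag in mind, and give the Agentejo entries their own product label. The long NETGEAR run in the same hunk (CVE-2020-35777 through CVE-2020-35842) concerns device firmware and is a candidate for a single NOT-FOR-US label, the convention already used elsewhere in this file.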
@@ -6067,8 +6237,8 @@ CVE-2020-29596 (MiniWeb HTTP server 0.8.19 allows remote 
attackers to cause a de
        NOT-FOR-US: MiniWeb HTTP server
 CVE-2020-29595 (PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio 
Professional 2021 ...)
        NOT-FOR-US: ACDSee Photo Studio Studio Professional
-CVE-2020-29594
-       RESERVED
+CVE-2020-29594 (Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 
2.4.13, 3.x be ...)
+       TODO: check
 CVE-2020-29593
        RESERVED
 CVE-2020-29592
@@ -11850,17 +12020,17 @@ CVE-2020-28285
        RESERVED
 CVE-2020-28284
        RESERVED
-CVE-2020-28283 (Prototype pollution vulnerability in ‘libnested’ 
versions  ...)
+CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 
0.0.0 throug ...)
        TODO: check
-CVE-2020-28282 (Prototype pollution vulnerability in ‘getobject’ 
version 0 ...)
+CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 
allows  ...)
        TODO: check
-CVE-2020-28281 (Prototype pollution vulnerability in 
‘set-object-value’ ve ...)
+CVE-2020-28281 (Prototype pollution vulnerability in 'set-object-value' 
versions 0.0.0 ...)
        TODO: check
-CVE-2020-28280 (Prototype pollution vulnerability in ‘predefine’ 
versions  ...)
+CVE-2020-28280 (Prototype pollution vulnerability in 'predefine' versions 
0.0.0 throug ...)
        TODO: check
-CVE-2020-28279 (Prototype pollution vulnerability in ‘flattenizer’ 
version ...)
+CVE-2020-28279 (Prototype pollution vulnerability in 'flattenizer' versions 
0.0.5 thro ...)
        TODO: check
-CVE-2020-28278 (Prototype pollution vulnerability in ‘shvl’ 
versions 1.0.0 ...)
+CVE-2020-28278 (Prototype pollution vulnerability in 'shvl' versions 1.0.0 
through 2.0 ...)
        TODO: check
 CVE-2020-28277 (Prototype pollution vulnerability in 'dset' versions 1.0.0 
through 2.0 ...)
        TODO: check
@@ -14061,12 +14231,12 @@ CVE-2020-27647
        RESERVED
 CVE-2020-27646 (Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x 
before 6.0.1 ...)
        NOT-FOR-US: Biscom Secure File Transfer (SFT)
-CVE-2020-27645
-       RESERVED
-CVE-2020-27644
-       RESERVED
-CVE-2020-27643
-       RESERVED
+CVE-2020-27645 (The Inventory module of the 1E Client 5.0.0.745 doesn't handle 
an unqu ...)
+       TODO: check
+CVE-2020-27644 (The Inventory module of the 1E Client 5.0.0.745 doesn't handle 
an unqu ...)
+       TODO: check
+CVE-2020-27643 (The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 
and 4.1.0 ...)
+       TODO: check
 CVE-2020-27642 (A cross-site scripting (XSS) vulnerability exists in the 
'merge accoun ...)
        NOT-FOR-US: BigBlueButton
 CVE-2020-27641
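Review bot: CVE-2020-27643 through CVE-2020-27645 move from RESERVED to TODO: check even though the visible descriptions point at a Windows-only product (1E Client 5.0.0.745, the %PROGRAMDATA%\1E\Client directory). Following the NOT-FOR-US lines already present in this hunk for Biscom and BigBlueButton, these look like candidates for NOT-FOR-US: 1E Client, and CVE-2020-16268 (the MSI installer in 1E Client) further down should get the same label so the product groups consistently.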
@@ -19781,7 +19951,7 @@ CVE-2020-25201 (HashiCorp Consul Enterprise version 
1.7.0 up to 1.8.4 includes a
        [buster] - consul <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/hashicorp/consul/pull/9024
        NOTE: 
https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
-CVE-2020-25200 (Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN 
usernames ...)
+CVE-2020-25200 (** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to 
enumerate vali ...)
        NOT-FOR-US: Pritunl
 CVE-2019-20916 (The pip package before 19.2 for Python allows Directory 
Traversal when ...)
        {DLA-2370-1}
@@ -38077,8 +38247,8 @@ CVE-2020-16270 (OLIMPOKS under 3.3.39 allows Auth/Admin 
ErrorMessage XSS. Remote
 CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, 
causing ...)
        - radare2 <unfixed>
        NOTE: https://github.com/radareorg/radare2/issues/17383
-CVE-2020-16268
-       RESERVED
+CVE-2020-16268 (The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows 
remote a ...)
+       TODO: check
 CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior 
allows  ...)
        NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. 
Improper escapi ...)
@@ -55745,16 +55915,16 @@ CVE-2020-10212 (upload.php in Responsive FileManager 
9.13.4 and 9.14.0 allows SS
        NOT-FOR-US: Responsive FileManager
 CVE-2020-10211 (A remote code execution vulnerability in UCB component of 
Mitel MiVoic ...)
        NOT-FOR-US: Mitel
-CVE-2020-10210
-       RESERVED
-CVE-2020-10209
-       RESERVED
-CVE-2020-10208
-       RESERVED
-CVE-2020-10207
-       RESERVED
-CVE-2020-10206
-       RESERVED
+CVE-2020-10210 (Because of hard-coded SSH keys for the root user in Amino 
Communicatio ...)
+       TODO: check
+CVE-2020-10209 (Command Injection in the CPE WAN Management Protocol (CWMP) 
registrati ...)
+       TODO: check
+CVE-2020-10208 (Command Injection in EntoneWebEngine in Amino Communications 
AK45x ser ...)
+       TODO: check
+CVE-2020-10207 (Use of Hard-coded Credentials in EntoneWebEngine in Amino 
Communicatio ...)
+       TODO: check
+CVE-2020-10206 (Use of a Hard-coded Password in VNCserver in Amino 
Communications AK45 ...)
+       TODO: check
 CVE-2020-10205
        RESERVED
 CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code 
Execution. ...)
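Review bot: of the five entries added here, CVE-2020-10209 is the only one whose truncated description does not name the vendor (it stops at "CPE WAN Management Protocol (CWMP) registrati"), so it should be checked against the full CVE text before it is grouped with CVE-2020-10206, -10207, -10208 and -10210, which all name Amino Communications. Once confirmed, one consistent NOT-FOR-US product label for the whole group is preferable to five separately worded ones, as with the Mitel and Responsive FileManager entries just above.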
@@ -55914,8 +56084,8 @@ CVE-2020-10150
        RESERVED
 CVE-2020-10149
        RESERVED
-CVE-2020-10148
-       RESERVED
+CVE-2020-10148 (The SolarWinds Orion API is vulnerable to an authentication 
bypass tha ...)
+       TODO: check
 CVE-2020-10147
        RESERVED
 CVE-2020-10146 (The Microsoft Teams online service contains a stored 
cross-site script ...)
@@ -202888,7 +203058,7 @@ CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in 
cine_read_header() due to lack of an E
        - libav <removed>
        [jessie] - libav <not-affected> (vulnerable code is not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
-CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c 
does not  ...)
+CVE-2017-14058 (In FFmpeg 2.4 and 3.3.3, the read_data function in 
libavformat/hls.c d ...)
        {DSA-3996-1 DLA-1740-1}
        - ffmpeg 7:3.3.4-1 (low)
        - libav <removed>
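Review bot: the refreshed description for CVE-2017-14058 widens the affected versions from "FFmpeg 3.3.3" to "FFmpeg 2.4 and 3.3.3", but the package lines beneath it are unchanged. Confirm that "- ffmpeg 7:3.3.4-1 (low)", "- libav <removed>" and the referenced DSA-3996-1 and DLA-1740-1 still cover every release carrying the older code, and add a NOTE if the 2.4 branch needs separate tracking.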



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/713322f7d4337c52b5b93c9e4c48fc13c02a9c09
